PT-2025-38056 · Unknown · Ldap Account Manager

Bhaskarraop · Published 2025-01-01 · Updated 2025-09-17 · CVE-2025-58174

CVSS v3.1: 4.6 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: LDAP Account Manager versions prior to 9.3

Description: LDAP Account Manager (LAM) is a web frontend for managing entries stored in an LDAP directory. The application allows stored cross-site scripting in the Profile section via the profile name field. Untrusted input is rendered as HTML and executes a supplied script. An authenticated user with permission to create or edit a profile can insert a script payload into the profile name, which is then executed when the profile data is viewed in a browser.

Recommendations: Update to version 9.3 or later.

Tags: Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers

CVE-2025-58174
GHSA-6GQG-WM9X-5X3M

Affected Products

Debian
Ldap Account Manager